Hi Ha, I cant able to use this one :
tcpdump -i ethX port 5140 where ; tcpdump -i eth162.20.100.27 port 5140 (Can you please let me know whether I am using the right one) Can I use 16001 to configure syslog to receive the logs ??? Thank you Ha On Tuesday, August 16, 2016 at 11:36:29 AM UTC-7, Ha NN wrote: > > Hi Sam, > > there is nothing on port 5140. > > Am 16.08.2016 8:21 nachm. schrieb "sam" <[email protected] <javascript:>>: > >> Hi Ha, >> >> below is the output for netstat -tulpen: where my graylog address is : >> 162.20.100.27 >> >> Active Internet connections (only servers) >> Proto Recv-Q Send-Q Local Address Foreign Address >> State User Inode PID/Program name >> tcp 0 0 162.20.100.27:16001 0.0.0.0:* >> LISTEN 0 14422 1311/python >> tcp 0 0 127.0.0.1:27017 0.0.0.0:* >> LISTEN 499 21667 2180/mongod >> tcp 0 0 0.0.0.0:22 0.0.0.0:* >> LISTEN 0 14409 1651/sshd >> tcp 0 0 ::ffff:162.20.100.27:12900 :::* >> LISTEN 497 570097 30968/java >> tcp 0 0 ::ffff:127.0.0.1:9350 :::* >> LISTEN 497 570036 30968/java >> tcp 0 0 ::1:9350 :::* >> LISTEN 497 570035 30968/java >> tcp 0 0 ::ffff:162.20.100.27:9000 :::* >> LISTEN 497 569340 30968/java >> tcp 0 0 :::12201 :::* >> LISTEN 497 610172 30968/java >> tcp 0 0 ::ffff:127.0.0.1:9200 :::* >> LISTEN 498 103819 25135/java >> tcp 0 0 ::1:9200 :::* >> LISTEN 498 103818 25135/java >> tcp 0 0 ::ffff:127.0.0.1:9300 :::* >> LISTEN 498 103168 25135/java >> tcp 0 0 ::1:9300 :::* >> LISTEN 498 103791 25135/java >> tcp 0 0 :::22 :::* >> LISTEN 0 14411 1651/sshd >> udp 0 0 0.0.0.0:68 0.0.0.0:* >> 0 13290 1594/dhclient >> udp 0 0 162.20.100.27:123 0.0.0.0:* >> 0 30140 2804/ntpd >> udp 0 0 127.0.0.1:123 0.0.0.0:* >> 0 30139 2804/ntpd >> udp 0 0 0.0.0.0:123 0.0.0.0:* >> 0 30132 2804/ntpd >> udp 0 0 :::12201 :::* >> 497 611311 30968/java >> udp 0 0 fe80::20d:3aff:fe01:162b:123 :::* >> 0 30142 2804/ntpd >> udp 0 0 ::1:123 :::* >> 0 30141 2804/ntpd >> udp 0 0 :::123 :::* >> 0 30133 2804/ntpd >> >> >> >> >> >> On Monday, August 15, 2016 at 11:14:42 PM UTC-7, Ha NN wrote: >>> >>> Hi Sam >>> >>> please make sure that graylog is listening on the right port. >>> >>> give us the output for >>> >>> netstat -tulpen >>> >>> Please make sure that you are sending data on that port with >>> >>> tcpdump -i ethX port 5140 >>> >>> Replace the x with your interface. >>> >>> Am 16.08.2016 6:53 vorm. schrieb "sam" <[email protected]>: >>> > >>> > Hi Jason, >>> > >>> > >>> > Graylog is installed in linux server. I used rpm package for >>> installation. (graylog 2.0) . Can you let me know the possible reasons. >>> > >>> > >>> > Firewall on graylog server or client machine? >>> > >>> > >>> > >>> > Thank you >>> > >>> > >>> > On Monday, August 15, 2016 at 3:44:35 PM UTC-7, Jason Warnes wrote: >>> >> >>> >> It might be a firewall on your graylog server. Without knowing what >>> method you used to install the graylog server it's hard to know for sure. >>> >> >>> >> >>> >> On Monday, August 15, 2016 at 12:46:02 AM UTC-6, sam wrote: >>> >>> >>> >>> Hi All, >>> >>> >>> >>> I am trying to send syslog messages into my graylog server. I >>> configured the ip address in /etc/rsyslog.conf file, I have issues in >>> getting the logs to my graylog server. >>> >>> >>> >>> >>> >>> Can anyone of you help me from this please..! >>> >>> >>> >>> /etc/rsyslog.conf/ >>> >>> >>> >>> >>> >>> >>> >>> *.* @graylog.ip.address:5140 >>> >>> >>> >>> This settings are configured in client server, >>> >>> >>> >>> >>> >>> Input configure in graylog server is : >>> >>> bind address : 0.0.0.0 >>> >>> port : 5140 >>> >>> >>> >>> >>> >>> >>> >>> Thank you >>> >>> Sam >>> >>> >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups "Graylog Users" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> > To view this discussion on the web visit >>> https://groups.google.com/d/msgid/graylog2/7447055d-cb6e-4ae0-bd7b-9fb4aadad414%40googlegroups.com >>> . >>> > >>> > For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Graylog Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/graylog2/39594c4d-9b76-4c11-8d53-83fed2c02a4e%40googlegroups.com >> >> <https://groups.google.com/d/msgid/graylog2/39594c4d-9b76-4c11-8d53-83fed2c02a4e%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/dcb967d3-8968-40b1-9a06-3ba4b6e323e3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
